From: | "Dawid Kuroczko" <qnex42(at)gmail(dot)com> |
---|---|
To: | "Postgres General" <pgsql-general(at)postgresql(dot)org> |
Cc: | "Simon Riggs" <simon(at)2ndquadrant(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: DELETE FROM pg_class |
Date: | 2007-09-24 19:28:29 |
Message-ID: | 758d5e7f0709241228s2da2ef25o8c0d16f614787a56@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 9/24/07, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Simon Riggs <simon(at)2ndquadrant(dot)com> writes:
> > On Mon, 2007-09-24 at 14:44 +0200, Dawid Kuroczko wrote:
> >> Hello, I see that I can modify system tables even though I have
> >> not set allow_system_table_mods... Is this a feature or a bug?
>
> > allow_system_table_mods allows you to modify the structure, not just the
> > data, i.e. add additional columns to system tables.
>
> > Superusers have the capability to modify data in catalog tables and many
> > other things besides, normal users don't.
>
> It is possible to disable this by turning off your
> pg_authid.rolcatupdate flag, but AFAIR there is no handy support for
> that (eg, no separate ALTER ROLE option).
>
> The better advice though is "don't run as superuser except when you
> absolutely must". You don't do random work as root, do you?
Nah, actually a friend (user of the other open source RDBMS) asked
me if you can overload PostgreSQL builtins (like new()). And it was quite
simple. I thought though, that I need allow_system_table_mods for it
and it surprised me that I just needed to become superuser...
Somehow, when I read documentation, my internal parser omitted
the "of the structure" of the "Allows modification of the structure of
system tables." sentence. I feel a bit foolish for asking this question,
but now I am a bit wiser.
Regards,
Dawid
From | Date | Subject | |
---|---|---|---|
Next Message | Mark Morgan Lloyd | 2007-09-24 20:56:24 | Re: Best practice for specifying an interval |
Previous Message | Carlos Moreno | 2007-09-24 19:17:21 | Restricting user access to an absolute minimum? |